Code & Driver Signing Certificates Overview:

You’ve worked too hard to leave your code unprotected.

As an independent developer or programmer, your code is your reputation. If your release is hacked, infected, or altered in any way, customers won’t trust you enough to give you a second chance. Protect yourself, your customers and your good name with the rock-solid security of a code or driver signing certificate.

Code Signing Certificates:

Authenticate the source and integrity of your code.

Eliminate “Unidentified Publisher” warnings.

Inspire confidence from users by showing them your code is trustworthy.

Code & Driver Signing Certificates Features:

Trust our code to protect yours.

Bad things can happen to your code when it’s distributed online. It can be hacked before it reaches the user, stolen by another developer, or just never get installed because the “Unidentified Publisher” warning scares off your customers. Fortunately, a Hiya Digital USA Code or Driver Signing Certificate makes it easy to protect your code — and your customers — from these and other issues.

Code & Driver Signing Certificate Features:

Secure your software with the same industry-standard encryption used for SSL Certificates, making it impossible for others to alter your code.

Act as a digital ‘safety seal’ to show customers that your code has not been tampered with in any way.

Display your name or your company’s name, instead of “Unidentified Publisher,” during download and installation, so customers know you’re a legitimate developer.

Work with several types of files and languages, including .EXE, .CAB, .DLL, .OCX, Java, HTML, ActiveX, even Microsoft® Office Macros and any other file types that support digital signatures.

Include time-stamps so users know that your code went through the verification process, even if you allow the certificate to expire.

Driver Signing Certificate Features:

Is required by Microsoft for all hardware drivers for Windows Vista or later. Customers will not be able to install your software unless it was signed with a driver signing certificate.

Is designed specifically to protect and validate hardware drivers developed for Microsoft operating systems, Windows Vista or later.

Is verified through both Hiya Digital USA and Microsoft via cross-certificate validation, adding an extra level of security and assurance for your customers.

Code & Driver Signing Certificates FAQs:

Help Center

What are Code Signing and Driver Signing certificates?

Code Signing certificates attach a digital signature to code to validate that the content has not been altered since it was signed and distributed. Code signing works with software components, macros, firmware images, configuration files, and other types of content.

Browsers and operating systems are continually improving security measures, and many currently scan downloaded files to check for code signatures.

For more information, see About Code Signing Certificates and Microsoft®’s Introduction to Code Signing.

Driver Signing certificates (also know as kernel-mode Code Signing certificates) are identical to Code Signing certificates, except they are specifically designed to secure code from Windows® hardware drivers and operating systems. Driver Signing certificates are required to sign all drivers on any Windows Vista® operating system or later.

For more information, see Microsoft’s Driver Signing article.

Who needs a code signing certificate?

Online security vigilance is at an all-time high. Most Web users won’t download software unless you can prove it’s legitimate. Code signing certificates inspire confidence and give you the proof you need to validate your code.Software developers can use code signing certificates to provide extra assurance to their customers about who produced the content and that it’s not tampered with. Signed code also prevents unidentified third parties from altering the code before it’s distributed.Content publishers can digitally sign software components, macros, firmware images, virus updates, configuration files or other types of content for secure delivery over the Internet or other mechanisms.

Code signing is particularly important when the source of a given piece of code might not be obvious – for example Active X controls, Java applets, and other active Web scripting codes.Most Web users understand the potential risks involved with downloading content from the Internet. It’s important your end users can trust the code you publish on the Internet. Code signing certificates help confirm software security and assurance with your customers.

How does code signing work?

Newer operating systems and Internet browsers are often set to higher online security levels, which often require signed content. For example, Internet Explorer® uses Authenticode® technology to identify the publisher of signed software and verify that it hasn’t been tampered with.When a code signed file is downloaded from a website, the certificate is extracted from the file. The browser cross-checks this information with an internal list of certificate authorities, and then verifies the signature in the certificate.If the signed software is tampered with in any way, the digital signature breaks and alerts customers that the code has been altered and is not trustworthy.

How does someone know they can trust my signature?

When someone attempts to download or run unsigned code, their browser attempts to validate the security of the downloaded content. A security warning pops up or the Web page content fails to load, depending on the browser security settings. These warnings create suspicion and confusion for the user.Digitally signing code prevents unnecessary warning dialogues when end users attempt to run the signed application or executable file.

After I purchase a code signing certificate, what do I need to do?

After you purchase a code signing certificate, you need to provide a certificate signing request (CSR) from the computer that is signing the code. Depending on the use of the certificate, you can create the CSR automatically, or you can use a tool like OpenSSL to generate the CSR.After you submit your request, we verify the company information you supplied. The Registration Authority (RA) might contact you to provide additional information, if required. You can monitor the validation process through your account.Once the code signing certificate is issued, we’ll send you an email with a link to download and install the certificate file and any associated intermediate certificates.You can even time-stamp your signature block using Authenticode to show the validity of your certificate at the time the code was signed.